saint 8 security suite red hat and centos operating...

11/4/2015

SAINT 8 Security Suite

Red Hat and CentOS

Operating System

Installation Guide

11/4/2015

Table of Contents

Introduction ..................................................................................................................................... 3

Accept License and Download SAINT........................................................................................... 3

Installation....................................................................................................................................... 6

Graphic User Interface (GUI) Install .......................................................................................... 6

Command Line Interface (CLI) Terminal Install ........................................................................ 7

Starting SAINT 8 ............................................................................................................................ 9

Initial Start Up............................................................................................................................. 9

SAINT 8 Main Menu Options .................................................................................................. 11

Start and Launch Browser ..................................................................................................... 11

Start as a Background Process .............................................................................................. 11

Start as a Remote Scanner Node ........................................................................................... 11

General Option ...................................................................................................................... 12

Stop ....................................................................................................................................... 13

Exit ........................................................................................................................................ 13

What if a service or required configuration setting is not found on startup? ............................ 13

Database Setup .............................................................................................................................. 15

Database Installation and Setup ................................................................................................ 15

Connect to a Remote Database ................................................................................................. 17

Connecting to a Remote MySQL Database .......................................................................... 17

Connecting to a Remote PostgreSQL Database .................................................................... 18

Installing JAVA SDK for SCAP Module ..................................................................................... 19

Command Line installation ....................................................................................................... 19

Logging In ..................................................................................................................................... 21

Accepting the License Agreement ............................................................................................ 23

Setup License Key ........................................................................................................................ 24

Configure SAINT Key .............................................................................................................. 24

Configure SAINTexpress Plug-In................................................................................................. 26

Get the Latest Updates with SAINTexpress ............................................................................. 26

Run your First Scan Job ................................................................................................................ 27

11/4/2015

Introduction

By now, you have received a notification from SAINT Corporation that you have access to

SAINT 8. The information contained in the email message will get you started with locating the

download site. It also included instructions for installing or setting up SAINT 8 from the bundled

virtual machine. The following information is provided to help you –

Set up SAINT 8 from the installer

Accept the license agreement

Configure your key

Set up the SAINTexpress® update process

Run your first scan

We are always working on new SAINT 8 help content via the Support Portal’s knowledge-base

and our subscriber-based YouTube content:

http://www.youtube.com/user/saintexploit?feature=watch

Check those sites frequently for more information.

Accept License and Download SAINT

SAINT software is made available to you via the mySAINT customer portal, which can be

accessed by logging in at http://www.saintcorporation.com, using your SAINT customer account

credentials. Once you’ve logged into the mySAINT portal, you will see the SAINT software listed

in the PRODUCT PORTAL download section that you are licensed for, as shown below.

1. Click continue once the applicable software product is selected or is already visible.

2. Select the deployment option of the product to be downloaded. In this example, we will

download the 32-bit version for the Redhat or CentOS platform. The package

downloaded must be compatible with the OS you will be using.

http://www.youtube.com/user/saintexploit?feature=watch%20

http://www.saintcorporation.com/

11/4/2015

3. Read the Customer License Agreement and click the I Accept the agreement checkbox.

4. Click the Continue button to access the downloads page.

The DOWNLOAD INSTRUCTIONS page will provide a Download button for launching the

process and downloading the software to a specified destination. This page also provides

additional help instructions, applicable to the deployment option and product being downloaded.

Click the Download button to start the download process. You will be prompted to Save the File,

as show in the Firefox example below:

11/4/2015

Save the file in a location that can be located from your target SAINT host.

11/4/2015

Installation If this is a fresh Red Hat or CentOS installation, or one that has not been updated recently, it is

recommended that you verify your target host is up-to-date with the latest patches. For Red Hat,

verify that your Subscription Manager for RHEL is up-to-date. Also, run a “yum update”

command from a terminal window, to update any packages/dependencies on the host, before

installing the SAINT software. For CentOS, it is recommended that you run the following

commands from a terminal window, to update any packages/dependencies on the host prior to

installing the SAINT software.

$ sudo yum update –y

$ sudo yum upgrade –y

The full installation process from start to finish should take approximately 20 minutes maximum

depending on your Internet download speed. Most of the time will be spent resolving packages

and dependencies needed by SAINT to run effectively.

The following describes how to install the SAINT 8 Security Suite from either a graphical user

interface or from the command line.

Graphic User Interface (GUI) Install

1. Double-click on the file SAINT 8-8.x.x-1.i586.rpm (32-bit) or SAINT 8-x-x-x-1.x86_64.rpm

(64-bit), where x.x is the version you downloaded.

2. Choose Install.

3. At the Authenticate prompt, enter the Password for the user with administrative privileges

on the host.

4. Click OK. The installer will continue applying/installing the software and dependent

packages. This process will take several minutes.

5. Next, launch the SAINT Security Suite from the icon in the Applications menu to continue

the setup. This process will include setting up and configuring a database, choosing the way

the application starts, and logging into the application for the first time. Refer to the Starting

SAINT 8 section for help and instructions on the startup process.

6. The installer will then automatically launch the SAINT 8 MAIN MENU. This menu provides

options for configuring and starting the SAINT 8 software, setting up and configuring the

database, choosing the way the application starts (GUI; background process; distributed

scanner node), and logging into the application for the first time. Refer to the Starting

SAINT 8 section next, for help and instructions on the startup process.

Note: If the installer does not automatically launch the startup MAIN MENU, then launch the

SAINT software from the SAINT 8 icon in the Applications menu.

11/4/2015

The SAINT 8 start icon can be found in the Applications menu. If the

installer does not automatically launch the startup MAIN MENU, launch the

SAINT software from the SAINT 8 icon in the Applications menu.

Command Line Interface (CLI) Terminal Install

1. Navigate to the Directory where the SAINT 8 package is located. The following example

uses the Download Directory.

2. Enter the following rpm command to open the rpm installer package:

$ sudo rpm –ivh SAINT 8.8.x.x.x

3. Navigate to the SAINT directory. The default saint directory is

/usr/share/saint

The Installation script can only run from the /usr/share/saint directory y default.

4. Enter the following command from the /saint directory

$ sudo ./bin/startmenu8

5. The system will prompt you for the password of the root account. Enter the root credentials

at the prompt:

6. Next, the installation process will check the host environment and validate that all dependent

packages are installed. If not, you will be prompted to update or install needed packages, as

shown in the example below. When prompted, answer yes for each applicable update, as

shown in the following examples:

11/4/2015

The installation process will continue as you access each package update prompt, until all

dependent packages have been successfully installed.

The installer will then automatically launch the SAINT 8 MAIN MENU. This menu provides

options for configuring and starting the SAINT 8 software, setting up and configuring the

database, choosing the way the application starts (GUI; background process; distributed scanner

node), and logging into the application for the first time. Refer to the Starting SAINT 8 section

next for help and instructions on the startup process.

Note: If the installer does not automatically launch the startup MAIN MENU, launch the SAINT

software from the SAINT 8 icon in the Applications menu, to continue the setup, to include the

setup and configuration of the database, choosing the way the application starts (GUI;

background process; distributed scanner node), and logging into the application for the first time.

The SAINT 8 start icon can be found in the Applications menu. If the

installer does not automatically launch the startup MAIN MENU, launch

the SAINT software from the SAINT 8 icon in the Applications menu.

11/4/2015

Starting SAINT 8 Starting the SAINT 8 Security Suite software first requires you to log in with administrative

privileges. This is similar to the way Windows and other modern operating systems validate your

credentials and permission to install and run applications on the host.

Once your credentials have been validated, the startup process will launch the SAINT 8 MAIN

MENU that displays the various configuration and startup options for the SAINT software.

An installation can be configured one of three ways:

1. Standalone Installation – this installation is typical of most installations, and is typically

run with the Start and Launch Browser option.

2. Remote access – this installation will enable you to run the application on the host without

launching the browser, and is initiated by selecting the Start as a Background Process

option. This is typically selected if you plan to run SAINT on a shared host, and connect

to it from another host.

3. Remote Scanner Node – this option configures the host installation to act only as a

scanning “engine” – requiring a connection back to another SAINT installation acting as a

“manager” for user interaction and managing scans against the installed scanner.

You must select the option that describes how you want the software to be started. Your

selection here will be stored and used on subsequent startup processes. Each option is defined in

more detail in the SAINT 8 Main Menu Options section below.

Initial Start Up

The first time you start SAINT from the menu, the start-up process will evaluate the installation

settings and the start option selected, and may require additional configuration settings. For

example:

11/4/2015

If the installation is a standalone installation or one that will “manage” other remote

installations connected as scanner “nodes,” the start-up process will include steps to

select your database preference and account settings. Refer to the Database Setup section

for instructions on installing and setting up the database for the host installation.

If this installation is being started as a Remote Scanner Node, then the setup will require

configuration of the IP address and connection port to make a secure connection back to

the SAINT installation acting as the “manager.” Instructions for that setup can be found

in the Start as a Remote Scanner Node section.

If you are licensed for the SCAP Module, this capability requires the Oracle Java

Development Kit (JDK) to be installed on the “manager” host. Refer to the Installing

JAVA SDK for SCAP Module section for instructions on how to locate and install the

JDK.

Once these processes are complete, the startup process will validate the installation and start the

SAINT 8 software for the first time. Refer to the Logging In section for instructions on logging

into SAINT for the first time.

11/4/2015

SAINT 8 Main Menu Options

Start and Launch Browser

The first option is to start the software and launch a browser to support direct access on the

installed host; or even from a remote location if the host can access the installed host. This option

is most typically used for standalone, desktop installations or even server installations where

access to the user interface will be directly on the installed host.

Start and Launch Browser – starts SAINT 8 in a browser window.

Launch Browser – this option will be available if the software has already been started

and is still running in background. Select this option just to open a browser on the

installed host.

Restart and Launch Browser – this option will stop and restart the software, check for

any product updates, and launch the user interface in a browser window.

Start as a Background Process

SAINT 8 can be started to run as a background process, without launching the browser. This is

typical of a shared environment where access will be from various desktop browsers or via

command line access from remote hosts.

Start as a Background Process – starts all SAINT 8 processes but does not launch the

browser-based user interface.

Restart Background Process – this option will stop and restart the software and check

for any product updates. This step does not launch the user interface in a browser

window.

Note: In some operating systems, the port will have to be open for a connection to be established.

By default, SAINT 8 uses port 1414 for the web browser.

Start as a Remote Scanner Node

The third option is to start SAINT 8 as a remote scanner node, to support a distributed, multi-

scanner node environment. In this configuration, the initial setup will include steps to connect

this installation to a separate SAINT 8 installation acting as the central “manager.”

Start as a Remote Scanner Node – starts all SAINT 8 processes, checks for any product

updates, and initiates a secure connection to the “manager” installation. This process does not

launch the browser-based user interface. The following describes the steps required to configure

the remote scanner node the first time you start up the installation to Start as a Remote Scanner

Node:

1. Scroll down and click the Enter key on the Start as a Remote Scanner Node option

2. Enter the fixed IP address of the SAINT 8 installation acting as the “manager”

3. Click Return or the down arrow key

4. Click OK to save the change and return to the MAIN MENU

5. Click on the Start as a Remote Scanner Node option to start the scanner node and make a

secure connection to the “Manager.” You should now see the new node listed in the

11/4/2015

connected nodes in the Manage tab – Manage Node page through the “manager”

installation.

Note: The Scanner Node Connection Port and Scanner Node Connection Password are already

set by default for all installations. However, you can change these default settings in the

Configuration tab – System Options – Nodes tab in the “manager” installation. If you have

changed these settings, navigate to the Remote Scanner Node Options menu (described below)

and update those settings before returning to the MAIN MENU and starting the scanner node.

Restart Remote Scanner Node – this option will stop and restart the software, check for any

product updates, and re-initiate a secure connection to the “manager” installation. This step does

not launch the user interface in a browser window.

Remote Scanner Node Options – select this option to configure the installation as a remote

scanner “node” and configure a secure connection to a separate installation acting as a central

“manager.” The following describes the node options in more detail:

• Manager Address – This configuration setting contains the fixed IP address of the

SAINT 8 installation acting as the manager that will control communication and scan

activity on the scanner node.

• Scanner Node Connection Port – This configuration setting contains the TCP port on

the manager that the node will use to connect. This configuration setting is defined

through the user interface, in the Configuration tab, System Options submenu, by clicking

on the Nodes tab.

• Scanner Node Connection Password – Each remote node must supply this password to

authenticate the connection to the “manager” installation. This is the password configured

through the Configuration tab, System Options submenu in the user interface, by the

clicking on the Nodes tab, Node Password setting. If this option is left blank, then no

password is required when connecting a scanner node to the manager.

• Check Software Dependencies – This option checks the installation host for third party

software dependencies or other system requirements to ensure the software can be

installed and configured properly on the host. Note that the SAINT 8 VM deployment

option is automatically released with all valid dependencies; and all installer processes

automatically perform these operations during installation. However, this step may need to

be run manually if there are any issues or problems with the software or modifications to

the host environment affecting the product.

• Back to Main Menu – This option closes the options menu and returns to the SAINT 8

MAIN MENU.

• Exit – Click this option to close the SAINT 8 MAIN MENU.

General Option

These options support modifying configuration settings related to web ports and control over

remote host access, as well as manually checking your system to valid third party dependencies

or other system-related settings.

• Web Allowed Hosts – This configuration setting stores the hosts that are authorized to

connect to the SAINT application. The default is ALL (*). However, you can use this

setting to enter comma delimited IP addresses to limit access to only authorized hosts, if

11/4/2015

needed. This configuration setting is also available in the Configuration tab in the user

interface, through the System Options submenu, by clicking on the Web Server tab.

• Web Port – This configuration setting stores the TCP/IP port that the SAINT 8 web

server listens on. This configuration setting is also available in the Configuration tab in

the user interface, through the System Options submenu, by clicking on the Web Server

tab.

• Check Software Dependencies – This option checks the installation host for third party

software dependencies or other system requirements, to ensure the software can be

installed and configured properly on the host. Note that the SAINT 8 VM deployment

option is automatically released with all valid dependencies; and all installer processes

automatically perform these operations during installation. However, this step may need to

be run manually if there are any issues or problems with the software or modifications to

the host environment affecting the product.

• Back to Main Menu – This option closes the options menu and returns to the SAINT 8

MAIN MENU.

• Exit – Click this option to close the SAINT 8 MAIN MENU.

Stop

Whether you run SAINT 8 by launching the browser or run strictly in background mode or as a

remote mode, the software runs as a background process so scans can continue to be scheduled

and executed, even when the browser is closed on the host. This option allows you to manually

stop the product, including any running background processes. This option will only be available

for selection if SAINT 8 is currently running.

Exit

Select this option to quit the startup process and close the startup menu.

What if a service or required configuration setting is not found on startup?

There may be instances during the startup process where a system configuration value or service

is not found or should be validated prior to startup. For example, one common configuration

setting is related to allowing you control over the hosts that should be allowed to connect to the

web-based application. If this prompt is displayed, enter/verify the explicit IP addresses of

specific hosts (if you wish to restrict access down to that level) or enter/verify * to indicate

remote access from any potential host and then select OK to continue. The latter is the most

common use-case.

11/4/2015

Another possible setting is to define the TCP port to use for allowing the web interface. SAINT

uses Port 1414 by default, but this can be changed if local policies dictate. Enter/verify the port

number in this field and choose OK to continue.

The current installation of SAINT 8 uses either a MySQL or PostreSQL database backend for

application configurations and scan content. In the standard setup, the target database is installed

on the same host as the software. In most *nix-based platforms, the database service is started

automatically and managed by the SAINT installation and startup processes. However, in some

instances (particularly RedHat, CentOS and Fedora) this service is not always started at the same

time the OS is launched. SAINT provides a check on startup to verify whether this service is up

or not on the local host, and will provide a prompt if the host’s database service is not running, as

shown in the following example running mySQL:

If you are using the standard setup, with the database on the same host as the software, you

should enter y at the prompt to start the service.

Successful startup of the database service…

For SAINT installation using an external database

Enter n if SAINT 8 is using a database on a separate host. In that case, SAINT’s startup process

will not perform this check, and responsibility for ensuring the external database is running will

be that of a local SAINT administrator.

11/4/2015

Database Setup The SAINT Security Suite architecture requires a database “backend” to support the content,

user transactions and scanning processes executed through the browser interface. Follow the

instructions provided in this section to select and configure the database platform of choice.

Database Installation and Setup

Once the installation process is complete, the next step is to set up the source database for the

SAINT installation. SAINT’s Security Suite currently supports MySQL or PostgreSQL.

1. Select database setup option 1 to use mySQL or 2 for Postgres.

2. Identify the location for the database. The default SAINT architecture is to connect to a local

instance of a database, running on the same host as the SAINT installation. However, you

may also choose to use a database installed externally to the SAINT 8 host.

a. Default Local Database – If you wish to use the SAINT 8 host, leave the value blank

and press the enter key to continued.

b. Use a Remote Database – If you wish to use an external database, enter the target

host’s IP address. Also, refer to the Connect to a Remote Database section for help

and an example for connecting a remote database to the SAINT installation.

3. As with the previous package installations, the next prompt validates the packages and the

amount of disk space to be used. Enter y at the [y/n] prompt to continue with the installation.

4. Give the database a name. The default is saintdb. Press the enter key to accept this default

value.

5. The setup process will prompt you for a password for your database. If you do not have a

database installed before installing SAINT 8, press the enter key to accept the default

password value.

6. Enter the username to be used as the owner of the database. The default value is esaintuser.

Enter a username or click the enter key to accept the default. The following example

illustrates the setup process, accepting the default values for the database name, root

password and user name, as shown in this example for setting up mySQL:

11/4/2015

7. Enter the password to be used for the user identified in the previous step. The default value is

esaintpass. It is recommended that you reset this password to a more secure password and

one unique to your environment. In the case of an external database, enter the password for

the user for that installation.

8. Click enter to continue.

The installation process will perform the applicable connection, creation, setup, content loading

and startup for the SAINT 8 database.

Once the database is set up, the launcher will launch SAINT 8 in the local browser on the host.

Refer to the steps for Logging In.

Note: On initial login, you will be prompted to change the default password and create a more

secure password unique to your installation and accept the End User License Agreement

(EULA).

11/4/2015

Connect to a Remote Database

Connecting to a Remote MySQL Database

The SAINT Security Suite architecture supports using a remote database rather than a database

running on the same “localhost” as the SAINT software installation. Follow the instructions

below to perform the steps required to use a remote database.

1. The first step is to configure the server that hosts the remote database to allow a remote

connection from SAINT. Edit the /etc/my.cnf file and add the following line to the file:

bind-address=[DB IP address]

The following shows an example for connecting a remote database IP address of

10.0.0.155 from a mySQL database server:

2. Restart the database Server process, as shown in the mySQL example: $ sudo service mysql restart

OR $ sudo /etc/init.d/mysqld restart

3. On the MySQL Shell, grant the necessary privileges to the SAINT DB access.

$ sudo mysql –u root –p (this will prompt you for your mysql password).

4. Enter the following commands to grant access and privileges to your root SAINT machine

and SAINT Application database credentials connection.

<mysql> GRANT ALL PRIVILEGES ON *.* TO root@'[SAINT Host

IP]`IDENTIFIED BY '[mysql password]' WITH GRANT OPTION;

press enter

<MySQL> GRANT ALL PRIVILEGES ON [saintdb].* TO

'esaintuser'@[your SAINT host IP]' IDENTIFIED BY

'esaintpass' WITH GRANT OPTION' press enter

<mysql> exit

5. Exit the MySQL shell and restart the MySQL server: $ sudo service mysql restart

OR

$ sudo /etc/init.d/mysqld restart

11/4/2015

Note: If you have IPTABLES running, allow the port configured for MySQL (the default

MySQL port is 3306).

6. Refer to the Database Installation and Setup instructions next, and follow the steps defined

for configuring SAINT to connect and use the external database.

Connecting to a Remote PostgreSQL Database

The SAINT Security Suite architecture supports using a remote database rather than a database

running on the same “localhost” as the SAINT software installation. Following the instructions

below to perform the steps required to use a remote PostgreSQL database.

1. On the target PostgreSQL Server, edit the /var/lib/pgsql/data/pg_hba.conf file and add the

following syntax in that file, as shown below. This example defines the SAINT 8 address as

10.0.0.153:

“host all all <SAINT8 host IP Address>/24 trust”

2. Next, configure the listen address for the database server. By default, the PostgreSQL listen

address is the localhost in the postgresql.conf file. Edit the /var/lib/pgsql/data/postgresql.conf

file on the PostgreSQL server, and change the listening address to all (*). IMPORTANT:

Remember to uncomment the “listen_addresses”

listen_addresses = ‘*’

3. Refer to the Database Installation and Setup instructions next, and follow the steps defined

for configuring SAINT to connect and use the external database.

11/4/2015

Installing JAVA SDK for SCAP Module The Security Content Automation Protocol (SCAP) is a specification established by the U.S.

National Institute of Standards and Technology (NIST) for expressing and manipulating security

data in standardized ways. Currently, SCAP can enumerate product names and vulnerabilities

(both software flaws and configuration issues); identify the presence of vulnerabilities; and

assign severity scores to software flaw vulnerabilities. The SAINT installation, if licensed for the

SCAP module, requires the installation of the Java Software Development Kit (SDK) to perform

various benchmark assessments defined for that standard. SAINT 8 requires Oracle Java 1.7 JDK

or higher to perform these scans. The JDK installer can be downloaded from the Oracle

download site:

http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html

The following instructions describe the JDK installation process to support running SCAP scans

in SAINT 8.

Command Line installation

The following describes the Oracle JDK installation process on a 64 bit CentOS v6.5 host. You

must be root to proceed with this install or have sudo access.

1. Locate and purge any previously installed java JDK and JRE versions installed on the

system.

$ rpm –aq | grep –i jdk

2. Proceed with the Oracle JDK installation process.

3. Accept the User Agreement and Download the applicable installation file from the Oracle

website:

http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html

11/4/2015

The required file will be downloaded to a designated location in your machine. In this example,

the installer is copied to the Download Directory.

[Download Directory]: $ ls –lhtr | grep jdk*

4. Install the rpm package, using the following command:

$ rpm –ivh jdk-8u25-linux-x64.rpm

5. [OPTIONAL] Delete the downloaded .rpm package using the following command:

[Download Dir]: $ rm –rf jdk-8u25-*

11/4/2015

6. Next, verify the version of the Java installed and running with your system. The displayed

version should be the same as the version just installed, as shown in this example.

7. As a best practice, it is recommended that you run the check_deps8 script as a last step, to

verify all the packages and dependencies are installed. Run the following command from the

following directory:

/usr/share/saint/ directory

$ sudo ./scripts/check_deps8

The output should be as shown in the following example:

Logging In

Accepting the agreement will load SAINT 8 into the browser window and provide a login dialog

(shown below). For those familiar with SAINT Professional, SAINT 8 now includes user access

controls formerly only offered in the SAINT Enterprise Edition through the SAINTmanager tool.

SAINT 8 now enables all customers to create individual user accounts for all users, and manage

role-based security to core functionality and content. Each account owner is provided access to

11/4/2015

the administrative credentials to support 1st login and perform administrative functions such as

creating user accounts and setting up permissions.

The default administrative user account is “admin.” The default password for the account is

included in the Welcome email that included your customer account information and link to the

download site.

1. Enter the default credentials when prompted to login.

2. It will then prompt you to change/create a new unique password for your admin account.

3. Proceed with the acceptance of the license agreement as instructed in the next section.

11/4/2015

Accepting the License Agreement

Unlike earlier versions of SAINT, SAINT 8 does launch a Terminal window or require you to

read and page through the License Agreement through the terminal. SAINT 8 will launch a

browser window and display the License Agreement within the browser.

Note: Some versions of Linux may not automatically launch a browser window. If

SAINT 8 was installed from a Linux DEB or RPM package and you are launching the

system directly from the install host, some installations of Linux may not automatically

launch a browser window. If that happens, you can choose SAINT 8 from the

Applications menu. (It may appear under a sub-menu such as “Other” in some Linux

versions.) Otherwise, if the SAINT 8 installation program created a SAINT 8 icon on your

desktop, double-click the icon. For those using the SAINT 8 VM version, we have also

included browser tabs to our public website and technical support portal.

Please read through the agreement and then accept at the bottom of the page.

Note: The License Agreement will only be displayed and require acceptance during the initial

setup and whenever major releases are delivered.

11/4/2015

Setup License Key

All SAINT products and deployment options require you to configure your license key, based on

the type of license you have purchased. On startup, SAINT 8 verifies your current license key

and provides a notification if no key has been configured.

Instructions for setting up your license key are found in the Administrative Guide section of the

Help documentation (Help hyperlink is in the upper right corner of the mySAINT portal), as well

as shown below:

Configure SAINT Key

1. The first step is to navigate to the Manage tab from the Configure your License Key

hyperlink, and then click on the configure SAINT Key menu option.

2. Open a second browser tab and log in to the mySAINT customer portal

(https://www.saintcorporation.com/cgi-bin/secure/customer/logon.pl) to generate your

license key. Use the account name and password you received in the Welcome email that

included your license and account information.

Note: Click on the Forgot your Password? link on the login page if you don’t know your

password. This link will auto-generate a new password.

https://www.saintcorporation.com/cgi-bin/secure/customer/logon.pl

11/4/2015

3. You will be prompted to generate a new key.

a) Click the View SAINT key on the left side or click on Manage Key.

b) Generate a Key.

4. Copy/paste the entire SAINT key content (including Transmission Key and Password) from

the mySAINT portal page into the Configure SAINT Key window in SAINT 8, as shown

below:

6. Click Save.

11/4/2015

Configure SAINTexpress Plug-In

The first time you install a SAINT key (including the user name, transmission password, and

transmission key at the bottom) via the Configure SAINT Key option, SAINT automatically

configures SAINTexpress with the user and transmission information. If you later change your

user name (e.g., when upgrading from an evaluation license to a purchased license), or if your

network environment includes a proxy, you need to enter that information in this form.

This page also provides a checkbox to temporarily disable SAINTexpress to prevent automatic

update of your installation when SAINT restarts. This option may be preferable to comply with

local change management policies or if you are in a closed network environment and must

manage updates without an Internet connection.

Get the Latest Updates with SAINTexpress

The last step is to ensure you have all of the latest vulnerability checks, exploits, tutorial content,

bug fixes, and feature updates.

1. Navigate to the System Status page, and click the Restart and Update button. SAINT 8

will use the SAINTexpress update plug-in to pull the latest updates and publish them to

your new installation. The SAINTexpress status will always be displayed on the System

Status page, and provides the ability to control whether SAINTexpress obtains product

updates, using the Disable/Enable button.

2. The update process will be completed once you see the “Restart” dialog and a status of

“Restarted.”

3. Close this window and navigate to the Scan tab to set up your first scan job.

11/4/2015

Run your First Scan Job

The following is a quick exercise to get you started with your first scan and to introduce the core

features of the new scan wizard:

1. Click on the Scan tab.

2. Click on the Manage Jobs scan menu option.

The first time you access the system, SAINT 8 will prompt you that there are no scan

jobs in the system: “Would you like to create one?”

3. Click that hyperlink to set up your first job. SAINT will launch the Scan Job setup

Wizard and walk you through the process of setting up your first job. In the following

example, we will set up a Job, using only the minimum required steps. Refer to the Scan

section of the User Guide for more information on all of the available options for running

various types of scans.

Step 1: Scan Info – Enter a Name for your scan Job. Optionally, you can enter a

description to assist in identifying the scan Job at a later time. Asset groups are used to

create a pre-defined list of common targets (assets). In Job setup, you can choose a pre-

defined Asset Group to auto-populate the target list to speed scan setup workflows and

make it easier to manage ‘like’ assets (i.e., by vendor, by function, by subnet, by owner,

etc.). We will skip this option for this example.

Step 2: Targets – Click Next to enter the host targets to be scanned. Enter the address(es)

of the target(s) to be scanned. This can be individual IP addresses, subnets, CIDR for

IPv4 or IPv6 addresses, or domain names. This can be done through a comma separated

list in the Enter target(s) field or you can use the Free Form target entry option.

Step 3: Scan Policy – Click Next to define the type of scan to be executed for the scan

Job. SAINT provides many pre-defined scan policies that are based on various types of

11/4/2015

vulnerability, content, and configuration assessment needs from general vulnerability

scanning to specially configured scans tailored for various industry compliance controls.

For this scan, select the Vulnerability Policy Category. Next, select a specific policy. For

this example, select a Heavy Vulnerability scan. Check the Exhaustive option to

configure this policy to enforce more thorough check methods. This type of scan executes

all of SAINT’s vulnerability checks applicable to the type of target being assessed.

Step 4: Authentication – Optional. This step allows you to enter administrative

credentials to be used on the target hosts to support deeper scans. This step can be

skipped in this example.

Step 5: Advanced – Optional. This step provides access to dozens of advanced

configuration options, such as host type fingerprint settings, scan performance, email

notifications and report attachments when scans are complete, port settings, anti-virus

scan rules, and others. This step can be skipped in this example.

Step 6: Review, Schedule and Finish –This step shows you a summary of the Job’s setup,

and provides features to define when to run the job. Jobs can be run at a predetermined

date/time or even as a recurring job. In this example, choose to run the job immediately.

Click Finish.

4. Click on the Manage Scan menu option to see your new job running. The Job defines all

of the settings required for a scan activity. Scans are individual executions of the Job’s

instructions. This means that you can create single scans, recurring scans or even “re-

scan” the same Job manually whenever you choose, to see results for the defined targets

across time. This is shown in the following example of a Job run once and another run

three times between Dec. 2 and Dec. 13th.

Once the scan is complete, you can use the various product features to view strategic

graphs in the Dashboard tab (shown below), perform detailed analysis in the Analyze tab,

and create reports from pre-defined or customized reports.

11/4/2015

saint 8 security suite red hat and centos operating...

Documents